We’re running into an issue that the error You passed the limit of allowed calls to ‘/u/email-identifier/challenge’ occurred for many teachers when we tried to get them to sign up using Auth0 (email-password method). (40~50 teachers)
The school has a proxy, meaning that all attempts are from the same IP.
This endpoint isn’t very clearly documented in Self Service - Auth0 Docs . Is it Universal Login Flow Endpoints: Passwordless email challenge prompt or Authentication API: User Info?
Even enterprise solution doesn’t seem to have a higher rate-limit.
How can we provide support to schools with this issue?
Generally, no. That is due to these specific authentication endpoints having hard coded infrastructure limits in order to protect against abuse. Otherwise, you have pointed out the endpoint being related to the Passwordless email challenge prompt.
Otherwise, regarding some solutions for the issue that you are facing:
Pre-Provisioning via Management API - this way, you will avoid the self-service sign-up flow and limitations imposed by the rate limit where your backend creates the users via the Management API and then you send a Password Change Ticket in order for them to set up the account.
You will need to have a Staggered Onboarding Process where the sign-ups are spread across a 10-15 window to avoid the request limit per IP imposed.
The rate limits for the Management API in a pre-provisioning scenario should be around 50 to 100 requests per second, depending on your plant. Basically, you should be able to create around 50 users per second accommodating your need for around 1000 accounts.
